
Re: Different roots for each process possible?



On Mon, Jan 15, 2001 at 07:47:04PM -0500, Roland McGrath wrote:
> Each process has a port that is its root directory, just as it has a port
> that is its current working directory.  The root directory port is
> inherited by fork/exec just like the current directory port is.  This is
> how chroot works (the other piece of chroot is a filesystem RPC used to get
> a directory port that doesn't let /.. get out of the chosen "root"
> directory).  As with chroot on Unix, a setuid program (called a secure exec
> in Hurdish) reverts to the global root directory port.  So, modulo setuid,
> you can chroot your shell to a filesystem of your choice and the processes
> that descend from it will see that filesystem as the root for their lookups.  

Why are root privileges needed for chroot? If you are identifying yourself
by the auth mechanism, it should be secure for any process to chroot.
(On Unix the user can provide his own myroot/etc/passwd and then get root access
in his chrooted process, AFAIK.) I haven't understood the auth mechanism of
HURD, so I may be wrong about the security of user chroot calls.

The big advantage of user-chrooted processes is that you can run a suspicious
program in a secure sandbox (i.e. without important files, translators, connections
and devices). Then no user has to fear downloaded programs. He can use
standard sandboxes to run them. This would improve the security of the system.

> So, by setting a translator that implements the filesystem name space you
> want to see on ~/myroot, you can do "chroot ~/myroot" to go into that world.

-- 
Stefan Karrmann
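The following is an added example, not code from the thread or from the Hurd itself. It is a toy model in Python of the mechanism Roland describes: each process carries a root directory port and a current directory port, both are inherited across fork/exec, a lookup can never climb above the chosen root via "..", and a secure (setuid) exec reverts the child to the global root. The `Process` class, its methods and the sample paths are all assumptions made for the illustration; the point it demonstrates is why a user-supplied myroot/etc/passwd is not seen by a setuid program under these rules.

```python
# Added example (not from the original thread or the Hurd sources): a toy model
# of per-process root and cwd ports with chroot, fork, exec and lookup.
from dataclasses import dataclass, replace

GLOBAL_ROOT = "/"  # the system-wide root directory port


def _split(path):
    """Split a path into components, dropping empty and '.' entries."""
    return [p for p in path.split("/") if p not in ("", ".")]


def resolve(root, cwd, path):
    """Resolve `path` to a global absolute path under `root`.

    `root` and `cwd` are global absolute paths and `cwd` must lie under
    `root`.  A leading '/' in `path` means the process's own root, not the
    global root, and '..' can never climb above `root`: this models the
    directory port that "doesn't let /.. get out of the chosen root".
    """
    root_parts = _split(root)
    if path.startswith("/"):
        parts = list(root_parts)
    else:
        cwd_parts = _split(cwd)
        assert cwd_parts[: len(root_parts)] == root_parts, "cwd outside root"
        parts = list(cwd_parts)
    for comp in _split(path):
        if comp == "..":
            if len(parts) > len(root_parts):
                parts.pop()
            # else: already at the root port, so '..' stays put
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


@dataclass(frozen=True)
class Process:
    """A process as seen by the filesystem: just its root and cwd ports."""

    root: str = GLOBAL_ROOT
    cwd: str = GLOBAL_ROOT

    def chroot(self, path):
        """Make `path` (resolved under the current root) the new root and cwd."""
        new_root = resolve(self.root, self.cwd, path)
        return replace(self, root=new_root, cwd=new_root)

    def fork(self):
        """A child inherits both ports unchanged."""
        return replace(self)

    def exec(self, setuid=False):
        """A plain exec keeps both ports; a secure (setuid) exec reverts the
        root port to the global root, so the chroot is not honoured."""
        if setuid:
            return replace(self, root=GLOBAL_ROOT)
        return replace(self)

    def lookup(self, path):
        """Resolve a lookup the way the process sees it."""
        return resolve(self.root, self.cwd, path)


def demo():
    """Constructed scenario: a shell chrooted to ~/myroot with a fake passwd."""
    shell = Process().chroot("/home/stefan/myroot")
    child = shell.fork().exec()             # ordinary descendant
    secure = shell.fork().exec(setuid=True)  # setuid program
    return {
        "shell_passwd": shell.lookup("/etc/passwd"),
        "escape_attempt": shell.lookup("/../../etc/passwd"),
        "child_passwd": child.lookup("/etc/passwd"),
        "setuid_passwd": secure.lookup("/etc/passwd"),
    }


if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name:15s} -> {path}")
```

Running `demo()` shows the shell and its ordinary children resolving `/etc/passwd` to `/home/stefan/myroot/etc/passwd` (and `/../../etc/passwd` to the same place, since `..` cannot leave the root port), while the setuid child resolves it to the real `/etc/passwd`. That reversion on secure exec is the rule that defeats the "own myroot/etc/passwd" trick mentioned above.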


